Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.3138
qemu security update
14 September 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: qemu
Publisher: Debian
Operating System: Debian GNU/Linux 9
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-16092 CVE-2020-14364 CVE-2020-13253
CVE-2020-1711
Reference: ESB-2020.3048
ESB-2020.2902
ESB-2020.2899
ESB-2020.2866
ESB-2020.2086
Original Bulletin:
https://www.debian.org/lts/security/2020/dla-2373
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2373-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
September 13, 2020 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : qemu
Version : 1:2.8+dfsg-6+deb9u11
CVE ID : CVE-2020-1711 CVE-2020-13253 CVE-2020-14364 CVE-2020-16092
Debian Bug : 968947 961297 949731
The following security issues have been found in qemu, which could
potentially result in DoS and execution of arbitrary code.
CVE-2020-1711
An out-of-bounds heap buffer access flaw was found in the way the iSCSI
Block driver in QEMU handled a response coming from an iSCSI server
while checking the status of a Logical Address Block (LBA) in an
iscsi_co_block_status() routine. A remote user could use this flaw to
crash the QEMU process, resulting in a denial of service or potential
execution of arbitrary code with privileges of the QEMU process on the
host.
CVE-2020-13253
An out-of-bounds read access issue was found in the SD Memory Card
emulator of the QEMU. It occurs while performing block write commands
via sdhci_write(), if a guest user has sent 'address' which is OOB of
's->wp_groups'. A guest user/process may use this flaw to crash the
QEMU process resulting in DoS.
CVE-2020-14364
An out-of-bounds read/write access issue was found in the USB emulator
of the QEMU. It occurs while processing USB packets from a guest, when
'USBDevice->setup_len' exceeds the USBDevice->data_buf[4096], in
do_token_{in,out} routines.
CVE-2020-16092
An assertion failure can occur in the network packet processing. This
issue affects the e1000e and vmxnet3 network devices. A malicious guest
user/process could use this flaw to abort the QEMU process on the host,
resulting in a denial of service condition in
net_tx_pkt_add_raw_fragment in hw/net/net_tx_pkt.c
For Debian 9 stretch, these problems have been fixed in version
1:2.8+dfsg-6+deb9u11.
We recommend that you upgrade your qemu packages.
For the detailed security status of qemu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/qemu
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl9eaVMACgkQhj1N8u2c
KO+M3Q//ebK1iayHAU+lOFgWfa5HNgfmTXTDusWDIqJmqzsgi8IV9e25ZmCv7W1N
nPsPf/WH0yk6CSaUEYtu+h1OGYxGKM5OAYoojllSGGvHlMU4WIUK/i+9UXdCM/Fk
FPEcZcE7UrxHtUOZqI7t09ffLnf5CKM+/dY6b7qPiIptyxalyXCVyQXuu4PLhKQP
azNYEXg/BiPEkVZNC2VOxEAg80cxiDtVLrFtt1bhuxrWRVdSeHoeMNI44W37FFlO
zTSeTh66xHKwmpOYeApghe3SA/QoBcghovEUZdZk+TGntwZEJXgMKEScKGkKqDYr
wBqgUSV33s+qhZZdlySR3ehKpFcmNO6/1CbX1O1xk2t93U3rh/1PJSUqzkVhHqwa
zl8R3PKuA6V1xyijhk2Trmw2h9lUp0Kea4Vl/+sTJ/JPBWN1hszWqXdWgvgJRgCs
UvVFaR93pb4uanVC1mIwNqSK23to7Znvqc/5alngcXD6hAwZmCNFrd2b5/PyegEt
VdkgyHMuatf9x9l//UGYlagMHx0SvROwCRphzd7tCRO50WdKed1mgqS7ky6RTD43
/NhEq68XeeRbMYP8adi6NGG4dncuzbLtS5zrl0wS+DP1uB0RJ5+/qEnjCEwZQO/8
7IbwJ3ofI7EYSk9S5Rcq/9ejKNsfR9Yj+ItOfwNrnZ5mJnP7VS8=
=ihEC
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBX16/4eNLKJtyKPYoAQic4g//T9vP/Q87i2JzewQQbs8lKxXoEjHF5BjZ
TSF0vJ1rvyPV8yQI1mDHDf6JVceT98jAFCIGxSJJzZ+sQayu9TNzPMW9tR0em8eO
+tM/Vvt1H+5S7D2SxP6UD6nhdq/ruAk3I8CsNXToOYHFTwKVn0hlwTD1X9cHww5E
rm3nalpIDM+jR3rMFG6ff0+iL/dUgwUPycGzBOINIR1rA3EI+SSDLeUJmwh1mYJg
91hiXY2K9KPrCsCo1DsSbQ6KKsgyXgkV6n7yA3MaEu361AuHAq+nsOL6DgGZPWI8
Tkw0RuKM2LcXoE1tSr/+PxTnp/WAnKPrygte64C/MXUGMDEXbjKCGp2zP5Cdtaun
uqSSF0m4L1ej7ndg4rL6sMKn/1X+t4hypGz8TeYjM0ZXM6DoR5Ewy52JSAJARymq
wsR6ztSAJ7ORiGZzaGPIvGmknuXDyKvlKtvN28kTUKDfOTusrHpu35QcOFCsrsNT
4wfmHtPbWc2YDZLhAGOTcLJ7yAJaoTYdhuSoPN46o/gARYWgXZ9pY+LVCyf+MQ+R
Q2vKdCRf6xIPoBleiMKHd6utHr/EXrmUgVePDQWdwcA+qZ8dLaWjydBXaIyJrk3J
kGZ5rPyOcnP6tjp33cXjOnKRtCvT8ohJWuxkXogabOe4Xj2Dtgj0Vapo7G51ou7n
vcPMGnhBvts=
=mSZH
-----END PGP SIGNATURE-----